this post was submitted on 29 Aug 2025
550 points (99.1% liked)

Programmer Humor

26135 readers
1230 users here now

Welcome to Programmer Humor!

This is a place where you can post jokes, memes, humor, etc. related to programming!

For sharing awful code theres also Programming Horror.

Rules

founded 2 years ago
MODERATORS
anzo@programming.dev
Feyter@programming.dev
BurningTurtle@programming.dev
pylapp@programming.dev
550
Context: Docker bypasses all UFW firewall rules (lemmy.world)
submitted 1 week ago* (last edited 1 week ago) by qaz@lemmy.world to c/programmer_humor@programming.dev
106 comments fedilink hide all child comments
 

Docker docs:

Docker routes container traffic in the nat table, which means that packets are diverted before it reaches the INPUT and OUTPUT chains that ufw uses. Packets are routed before the firewall rules can be applied, effectively ignoring your firewall configuration.

you are viewing a single comment's thread
view the rest of the comments
[–] IsoKiero@sopuli.xyz 7 points 1 week ago

Docker spesifically creates rules for itself which are by default open to everyone. UFW (and underlying eftables/iptables) just does as it's told by the system root (via docker). I can't really blame the system when it does what it's told to do and it's been administrators job to manage that in a reasonable way since forever.

And (not related to linux or docker in any way) there's still big commercial software which highly paid consultants install and the very first thing they do is to turn the firewall off....